- 261/2024
- High
Palo Alto has released security updates to fix multiple vulnerabilities across several Palo Alto products.
The addressed vulnerabilities could allow the attacker to obtain sensitive information, execute buffer overflow attacks, gain elevated privilege, bypass security restrictions, or execute arbitrary commands and gain access to the affected system.
Sample of the addressed vulnerabilities:
1. Palo Alto Networks PAN-OS Command Execution Vulnerability (CVE-2024-8686):
- CVSS: 8.6
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: High
- User Interaction: None
- Consequences: Bypass Security
2. Palo Alto Networks PAN-OS Information Disclosure Vulnerability (CVE-2024-8687):
- CVSS: 6.9
- Attack Vector: Local
- Attack Complexity: Low
- Privileges Required: Low
- User Interaction: None
- Consequences: Obtain Information
The affected products:
- PAN-OS.
- Cortex XDR Agent.
- ActiveMQ Content Pack.
- Prisma Access Browser.
Vulnerabilities
Mitigations
The enterprise should deploy this patch as soon as the testing phase is completed.